Skip to main content

tv   U.S. Senate  CSPAN  April 4, 2012 5:00pm-8:00pm EDT

5:00 pm
votes. .. >> we have liable laws. we have anti-pornography law,
5:01 pm
and when the name of free speech in is handful of individuals can have a hugely disportioned effect on the candidates undisclosed, i think that corrodes the roots of our democracy, and i worry about the future of this country in terms of accountability. at least in my view, we have to move forward. with that, without objection, the hearing record remains open for 10 business days for additional statements and documents submitted for the record and request that our witnesses respond in writing to additional written questions from committee members. i want to thank the colleagues for participating and thank the witnesses for an illuminating discussion, and with that, the committee is adjourned. [inaudible conversations]
5:02 pm
5:03 pm
>> if you think of yourself as a family and as a team, and she said, you know, when i get a raise at work, he's proud of me, it's like we got a raise, our family got a raise. i feel she redefined providing to include what her husband does and had respect forñhr what her husband was doing. >> "the richer sex" author on the changing role of women as the breadwinner of the family and how that impacts their lives. also, america the beautiful, and ben carson compares the decline
5:04 pm
of empires past and what america should do to avoid a similar fate. booktv every weekend on c-span 2. >> we take booktv and american history programming on the road the first weekend of each month. this past weekend featured little rock, arkansas. >> high school collected photographs and was particularly, again, interested in the 19th century, civil war in particular. these are two friends, union and confederate, who knew each other prior to the civil war, fought against each other in 1862, survived the war, came out alive, and remained friends after the war, and here they are friends at age 100 on the porch,
5:05 pm
talking about the old days. >> a lady here wrote a wonderful book called "the art of the gaman," and that meant surviving the unsurvivable, and she talks a lot about how arts and crafts is how they kept their sanity and gave them something to do and how depression was so bad in a lot of the camps, and there was a high incidence of suicide and people made things of beauty to give to each other as a way to say, you know, we support you and we care about now. >> our lcv tour continues from oklahoma city on c-span2 and 3. >> this year's student cam asked students to create a video and
5:06 pm
what is important to them and why. we go to grand junction, colorado where the third prize winner is a senior. hi, vinny. >> religion plays a huge role in people's live, and how people act in everyday society, and so it obviously it'll play a role in government whether we try to have it as in government or not, and so i wanted to see all the different aspects of it because i'm not religious, i find it a really fascinating subject. >> in your documentary, you spent time with various religious groups, how do you describe the experiences. i contacted the pastor, and they are nice people, give up about, at least three hours of their time in the middle of a day on a
5:07 pm
wednesday, and so i try to stay there the whole time, and i found it really interesting to talk with him and pick the brain on religion and everything. on the other side, i interviewed the atheist group in grand junction. i heard of them because the news every once in awhile, but i didn't know what to expect, and they were some of the nicest people i've met. >> why do you think it was important to spend time with both groups? >> i think it's important that people really look at both sides of the issue before taking a side, and i mean, i really tried to look at both sides of any issue, any political, economic, personal issue because if you just look at one side of an issue, then you're just getting half the message, you're only going to be getting half the information you could be get, and i feel like that ignorance can be a problem in society that i really don't want to contribute to. >> what do you think about the involvement of religion in government? >> well, i think -- i find no
5:08 pm
really problem with it because in america there's basically a motto, majority rule, minority right. the country is 75% christian, and i don't find anything wrong with "in god we trust" on our money. it's not hurting anybody. same with under god in the pledge. it's not like i have to say it. i don't have to say the pledge at all or not just say "under god," and it's not like i'm forced about it. i find it insulting with politicians use it as like their sole calling card to coal other people who are not as religious and moral. i find that wrong. you don't have to be religious to have a moral background, but i see it as an effective campaign strategy. not much i can do about that. >> what would you want a viewer to take away from watching your
5:09 pm
video? >> now know what? there's no true 100% guarantee that any side is right so we shouldn't be fighting about an issue where it's only a matter of personal faith. i mean, it's a more personal issue than it is a society issue, and i feel that people need to see that a lot more. >> thank you very much, vinny, for your time, and congratulations again on your win. >> thank you. >> here's a brief portion from the documentary called "in god we trust: religion's role in america." >> seems we are going too far to keep god out of government. >> you don't have a right, i don't think it was intended to be protected from exposure to religion whether it be a, you know, a christmas tree or some kind of display by, you know, somebody who believes in god. once we're to the point where we
5:10 pm
are that sensitive, we're missing the point of what our freedoms are. >> the constitution protects our rights whether we're christian, jewish, muslim, atheist, or whatever we believe. there's no reason to e rad cat god from our government that was founded by congress. congress makes no law with the establishment of religion or free exercise there are. we need a mutual understanding we are a country founded by christians. however, nobody's wrong and nobody's right under law. we can practice what we wish. >> you can see this entire video as well as all the winning documentaries at studentcam.org and continue the conversation on c-span's facebook and twitter pages. >> the u.s. general in charge of cyberdefense recently told a senate committee that china managed to pull off a successful cyberattack against rsa, one of the internet east most
5:11 pm
sophisticated security firms. chief alexander testified alongside the stratcom commander. this is just under three hours. >> good morning, everybody. today's hearing continues a series of posture hearings that the armed services committee's conducting on combat and commands within the context of the fiscal year 20 # 13 -- 2013 budget request and the president's new strategic guidance. today, we received testimony from u.s. strategic command and u.s. cyber command of the u.s. strategic command. let me first welcome general report, the commander of the u.s. strategic command and general keith alexander, the commander of the cybercommand,
5:12 pm
and thank you both for your service to the nation. we thank the fine men and women who serve in these commands for their dedication and service to our nation, and a special thanks to their families. strategic command or stratcom manages nine missions across the department of defense and missions range from satellite and space situational awareness, missile defense, and electronic warfare to combats weapons of mass destruction. stratcom coordinating cyber command across the department of defense. unlike combat commands that are regionally focused, these commands are global. as noted in the president's strategic guy dance, stratcom can under any circumstances confront an adversary with the prospect of unacceptable damage. that capability needs to be preserved as we continue to
5:13 pm
reduce the size of these forces and modernize the infrastructure at the department of energy that supports this mission. here's some of the issues that i hope will be addressed this morning. first, are you satisfied -- are you satisfied with the direction we're taking in nuclear force posture and with the department of energy's role in maintaining our nuclear stockpile? we can continue to reduce the size without testing ensuring the stockpile is safe meeting military requirements. second, do you believe we are on a sustainable path to protect our space assets and to reconstitute them if necessary given the congested and contested nature of space? third, the department of defense is allocated a block of the
5:14 pm
electoral magnetic spectrum that connects our space, cyber, and electronic war assets to our forces. stratcom is the lead combatant and command for lead operations. how concerned are you about the prospect of losing spectrum, and what are you doing to preserve the department's access to it? fourth, with the cancellation of the operationally responsive space program, are you worried about our ability to field low cost, but rapidly deployable satellites that can fill capability gaps between large national intelligence satellite collection systems and the department's airborne surveillance platforms? fifth, what is your strategic vision for the combined use of space and cyber? these two domains are integrally linked, but we have not seen a plan for integrating
5:15 pm
capabilities and operations. let me now turn to cyber command for a moment. there's much for us to examine in this increasingly importantly complex, but still new mission area. not only affects the department of defense, but the government and the economy as a whole. general alexander has stated that the relentless industrial espionage waged against u.s. industry and government chiefly by china constitute, quote, "the largest transfer of wealth in history," close quote. we have to understand the dimensions of the technology, theft, and impact on national security and prosperity. the arms committee is focused on the need to develop comprehensive policies and frame works to govern planning and operations in cyberspace. what are the rules of engagement if we are attacked by another
5:16 pm
nation? what is the doctrine for operations and deterrents in war fighting strategies? the administration made progress in these areas as reflected in recent strategy statements and in the development of comprehensive legislation to improve cybersecurity, but much more needs to be done. as a still developing subunified combat and command, the committee needs to understand the current and planned relationships between cybercommand and stratcom and the other combat and commands. the defense department is considering establishment of component cyber commands at the combat and commands. we have to know what commander arrangement apply to the components as well as what was delegated to cybercommand and those it plans to retain.
5:17 pm
general alexander stated publicly he needs additional authorities to demand the information systems of the rest of the federal government and those of critical infrastructure. need clarity on what general alexander might be seeking and whether they go beyond what the administration requested in its legislative proposal to congress. general alexander also often stated that the department of defense does not, in fact, have a unified network, but rather 15,000 separate networks or enclaves, into which cybercommand has little visibility. the committee has to understand what can and should be done to correct what seems to be an urgent and critical problem. the department of defense conducted a pilot program with a number of major companies in the defense industrial base or dib
5:18 pm
as it's called or internet service providers or isps like at&t and verizon. isps provide signatures of known tools and methods directly to the dib companies or the isps that provide the dib companies their services. they use the signatures to detect and block intrusion attempts. carnegie melon conducted an independent assessment of the dib pilot for dod and concluded nsa provided few signatures not already known to the companies themselves, and in many cases, the dib companies by themselves detected advanced threats with their own nonsignature based detection methods that probably is not known to the nsa, and so
5:19 pm
we need to hear from general alexander on his view of those issues as well. we thank you, both, again for your service, for your being here this morning, and we call on senator mccain. >> well, thank you, mr. chairman. let me thank our distinguished witnesses for joining us this morning and their many years of service to our nation. u.s. strategic command is in the midst of pivotal change in proceeding with modernization of the nuclear weapon complex and tree yad, and cyberattack and the core mission competencies of 21st century warfare. nuclear modernization, encouraged with the unprecedented level of defense spending uncertainty, that the department has maintainedded its commitment to modernizing the triadd of war vehicles, but it's not said for the same nuclear administration, and their
5:20 pm
proposal to abandon or delay key elements of the nuclear weapons key modernization plan. radification of the new s.t.a.r.t. treaty was conditioned on a proposal by the president for the mission's complex. modernization is universally recognized as essential to the future viability of the nuclear weapons complex, and a prereck sit for future -- prerequisite for future reductions. we have not seen any sign of the administration keeping those commitments. a part of the mission is deterrence, however, as frequencies, sophistication, and intensity of cyber-related incidents continue to increase, it's inherit this administration cyber deternlt policies failed to curve those actions. the framework, overly reliant on the development of defensive
5:21 pm
capabilities has been unsuccessful in dissuading cyberrelated aggression. whether it's a nation state actively probing our national security networks, a terrorist organization seeking to obtain droughtive cyber capabilities, or criminal networks theft of intellectual property, we must do more to prevent, respond to, and detour cyber threats. inevidentability of a large scale cyber attack is a threat to our nation and strategy overly reliant on defense that does little to influence the psychology of attackers who operate in a world with few, if any, negative consequences for their actions. last july, general cartwright, former vice chairman of the chief of staffs, criticized the administration' recombat and active strategy for operating in cyberspace saying, quote, "if it's okay to attack me and i'm
5:22 pm
not going to do anything other than improve my defenses every time you attack me, it's very difficult to come up with a deterrent strategy." i look forward to hearing from the witnesses if they believe a strategy overly focused on defense is sustainable, and whether they agree more must be done to detour and dissuade those who look to hold u.s. interest at risk via cyberspace. the senate will soon begin debate on cybersecurity legislation. the central themes in that debate focus on how to improve information sharing across the spectrum and whether a new government pure bureaucracy improves our cybersecurity. i propose legislation, the secure act, that first focuses on removing legal hurdles with information sharing rather than adding regulations with sheer focus and precious resources away from the threat. if a timely response is essential, how would another layer of bureaucratic red tape
5:23 pm
be helpful? while a secured act does not give new authorities to the national security agency or u.s. cybercommand, few will deny those institutions, not the department of homeland security, are most capable of guarding against cyber threats. unfortunately, other legislative proposals favor premature adding more governmental bureaucracy rather than focusing on accomplishing the objective of protecting our cyber interests. general, during an fbi sponsored symposium in florida university, you stated if a significant cyber attack against this country were being planned, there may not be much cyberrer command or nsa could legally do to discover and thwart the attack in advance saying, quote, "in order to stop a cyber attack, you have to see it in realtime, and you have to have those authorities. those are the conditions we put on the table. now how and what the congress
5:24 pm
chooses, that'll be a policy decision." in a fight when the threat materializes in seconds and quick action is essential, i look forward to better understanding what authorities you believe are needed to protect united states' interest both at home and abroad. the department of defense is requesting nearly $3.4 billion for cybersecurity in fiscal year 2013, and almost $17.5 billion over the future years defense program. the cyberbudget is only one in growth because a broad agreement that addressing the threats should be among the highest priorities. i thank the witnesses for appearing today and look forward to their testimony. thank you, mr. chairman. >> thank you mr. chairman. >> thank you, mr. chairman.
5:25 pm
i'd like to have my statement submitted to the record. >> it will be made part of the record. >> sir, senator mccain, and distinguished members of the committee, thank you for allowing me the opportunity to present my views. very pleased to be here today with general keith alexander, cyberrer commands commander, and cyber is a critical component of the global capabilities. without question, mr., we continue to face a very challenging global security environment marked by change, complexity, and profound uncertainty. indeed, change and surprise characterized the year that has passed since my last appearance before this committee. over that time, the men and women of strategic command participated in support of operations in libya and japan, have supported the withdrawal of u.s. combat forces from iraq, and have observed the arab spring, the bold operation that killed bin laden, the death of kim jong il, and the succession
5:26 pm
of his son, and growing violence with tensions in iran, the adoption of new defense strategic guidance. through the extraordinary period of change, the focus has been constant. to partner with the other combat and commands to detour, protect, and prevent attacks on the united states, our allies, and partner, and to be prepared to employ force as needed in part of the national security objecteddives. our priorities are clear. detour, attack, partner with the other commands to win today, respond to the new challenges in space, build cyberspace capability and capacity, and prepare for uncertainty. transcending all of these priorities 1 the threat of nuclear materials or weapons in the hands of violent extremists. now, we don't have a crystal ball at stratcom, but we believe we have to prepare for the
5:27 pm
events, and conflict will be hybrid in nature encompassing air, sea, land, space, and cyberspace. had will likely cross traditional geographic boundaries, involve multiple apartments, waged by actors wielding combinations of capabilities, strategies, and tactics. it's important to note the same space and cyberspace tools that connect us together for commerce, navigation, and communication present opportunities for disruption and perhaps destruction. there's been new guidance to address the challenges. the new guidance describes the way ahead for the entire dod, but i believe many portions are relevant to stratcom and broad assigned responsibilities. for example, global presence, succeeding in current conflicts, detouring and defeating aggression in those seeking to deny our power projection, countering weapons of mass destruction, effectively
5:28 pm
operating in cyberspace, space, and across all other domains, maintaining a safe, secure, and effective deterrent are important in the strategy where we play a vital role. no question these are important responsibilityings, real risks involved in the scenarios we find ourselves in today. it's my job to prepare for those events and to advocate for the sustainment and modernization efforts we need to meet the challenges. in that regard, the fiscal year 2013 budget request is pivotal or our future. we are working hard to improve our planning and better integrate efforts to counter weapons of mass destruction. we have to proceed with planned modernization of nuclear delivery and command and control systems and proceed with life expansion programs for nuclear weapons and the complex care system for them. improve resilience of space capabilities, enhance our awareness of the increasingly
5:29 pm
congested, competitive, and contested domain. we need to improve the production and resilience of our cybernetworks, enhance our situational awareness, increase or capability and capacity and work across the agencies to protect our critical infrastructure. enhance our isr capabilities, better manage and sink news the capabilities that support them. we have to get better october electronic warfare, how to operate in a degraded space and cyberspace environment. we need to improve our understanding of our add adversaries. we have to review our plans and improve our decision processes and command relations, our subjects that the two of you touched on this your opening commentings. in short, the new national security reality calls for a new approach that calls for decentralized action from a fully integrated and interdependent joint force. these are tough challenges, but we view the challenges as
5:30 pm
opportunity. a chance to partner with other commands to forge a better, smarter, and faster joint force. we remain committed to work with with this committee, services of other agencies and international partners to provide the flexible, agile, and reliable insurance capabilities that our nation and friends need in the increasingly uncertain world. mr. chairman, it's an honor and privilege to lead america's finest men and women, our greatest advantage. i'm proud of their bravery and sacrifice and pledge to stand with them and for them to ensure we retain the best force the world has ever seen, and in that, i join with the secretary of defense and chairman of the joint chiefs of staff and other senior leaders, my colleagues, other combat and commanders in thanking you for the support you and this committee provided them in the past, present, and on into the future. before i close, mr. chairman, i'd like to pause and remind the committee that we're headquartered in the great state of nebraska, and i wanted to take the opportunity to thank
5:31 pm
senator ben nelson for his service. senator nelson retires at the end of this congress, and during his service, worked diligently to better lives of our troops and improve america's strategic forces. those who live and work at the air force base are well aware of his deep commitment to them. on behalf of your fellow nebraskaians, senator, we offer thanks, and with that, mr. chairman, thank you for this opportunity, and i look forward to your questions. >> thank you very much, general. thank you for your reference to general ben -- i mean senator ben nelson. we feel very much the way you do and grateful for your reference to him. >> thank you. >> thank you. general alexander. >> chairman levin, ranking member, mccain, and other distinguished members of the committee. thank you for the opportunity to appear before you today. i echo his comments all across the board including with senator
5:32 pm
nelson. i would start up front by echoing some of those comments which is it is a privilege and honor to lead the soldiers, sailors, airman, and marines of cybercommand and nsa. we have great people. thanks for what you do to get those great people for us. i'd also like to thank you and your colleagues for your support in helping this command move rapidly forward in our efforts to address emerging threats and concerns to our nation. i also need to thank all of our partners throughout dod, dhs, and the fbi and the endeavor to build capability and capacity. cyberis a team support, and we could not have come this far and accomplish this much as we have without them. many changes in substantial progress has been made since i last spoke to the committee almost two years ago. cyberspace has become more critical to our national and economic security, and,
5:33 pm
chairman, you brought up a quote about the greatest transfer of wealth. i think that is absolutely correct. we are seeing increased exploitation into industry, government, other government agencies and the theft of intellectual property is astounding. i'll address parts of that shortly in my comments coming up. i also think that the threat has grown in terms of activists, nation states, and non-nation state actors. the chairman and others emphasize area of investment in a leaner defense budget. the task of assuring access and security is drawing the attention of our of nation's leadership. the u.s. cybercommand is a component of a larger u.s. government wide effort to make cyberspace, one, safer, and a form for vibrant internet action, preserve our freedom to interact in cyberspace, and
5:34 pm
preserve our vital interests and those of our allies. cyber command is charged to direct a security in operations and defense with the department of defense information systems, but our work is effective by threats outside of dod networks, threats the nation cannot ignore. what we see both inside and outside dod information systems underscores the imperative to act now to defend america and cyberspace. the american people expect broad and efficient access to cyberspace. military and civilian actors rely on access the. increase interconnectedness of information systems, growing sophistication of cyber criminals and foreign intelligence actors has increased our risk. last spring, in its international strategy for cyberspace, the president confirmed inherit right to protect ourselves against attacks in this domain as in
5:35 pm
traditional do mains. he said, when warranted, united states responds to hostile acts in cyberspace as we would to any other threat to our country. cyber command exists to ensure the president can rely on the dod information systems and has military options available to defend our nation. the president and secretary of defense recently reviewed our nation's strategic interest, issued guidance on defense priorities, and in sustaining the u.s. global leadership, priorities for 21st century defense, the secretary focused on protecting access throughout the cyber domain. the u.s. cyber command role is to pay attention to how nations and non-nation state actors are developing a-symmetric capabilities to conduct cyber espionage and attacks. dod recently added detail to the commission. in accordance with the president's strategy, the department further explained our current posture to congress in a cyberspace report last summer.
5:36 pm
dod components, especially cybercommand, dissuaded others against those who plan to attacks united states. we work with a range of partners, u.s. government allies, private industry to strengthen defense of our citizens, the nation, and allies in cyberspace. i want to assure you that all of our work is performed to safeguard the privacy and civil liberties of u.s. persons. these responsibilities are very much on our minds. in the establishing the co-com relationships you asked about our relationships with other commands, and i want to briefly address that. first, we have a cyber support elements in each of the six geographically based co-coms. the element is up and operational. u.s. pay coms cyber support element is partially operation, and others are on the way. the purpose is to provide
5:37 pm
expertise and have capabilities into the mission planning efforts. our goal is to ensure each co-com has full sweep of cyber options to choose from with an understanding of effects these options produce in their aor. chairman, you also asked about the standing rules of engagement, there's a thorough review with the joint staff of existing rules of engagement in cyberspace. these rules should give us authorities we need to maximize pre-authorization of defense responses and empower activity at the lowest level. issues ironed out are what set of specific authorities rereceive, conditions to produce response actions, and we expect those to be done in the next few months. dod's role is defending the nation in cyberspags that requires coordination with
5:38 pm
several key government players, notably, dhs, the fbi, the intelligence community. i just would like to put those on the table because it is my opinion that we need all three working together as a joint team. dhs has the lead for coordinating overall effort to enhance cybersecurity of the u.s. critical infrastructure. they lead in resilience and preparing the defense. the fbi has the lead for detection, investigation, prevention, and mitigation response within the domestic arena under their authorities for law enforcement, domestic intelligence, counterintelligence, and counterterrorism. of course, dod, nsa, and cybercommand lead in protection, prevention and defense in foreign space. defense of the nation if the nation comes under attack. i'd like to go into a few, if i could, a little bit on what i see we need in cyberspace, the
5:39 pm
requirements to defend the nation from attack because there's been a lot 6 discussion on this, and i think it's important to put this up front. i think this is the heart of the discussion going on with the legislation today. first, we need to see the attack. what do i mean by that? that was a quote we made up at the florida university. if we can't see the attack, we can't stop it. what we're not talking about is putting nsa or the military into our networks to see the attack. what we're talking about that all of you put on the table is we have to have the ability to work with industry, our partners, so that when they are attacked or they see an attack, they can share that with us immediately. the information sharing and the liability that goes along would allow industry armed with signatures we can provide, signatures they have -- i agree it takes all of us working together -- to provide a better defense. what we need is for them to tell
5:40 pm
us something is going on. there's a couple of analogies i'd like to use. these are not perfect am jis, just the best i could come up with. being in the armed services committee here, i use the missile analogy. if a missile were coming into the country, had no radars to see it, we couldn't stop that missile. if we have a cyber attack coming in and no one tells us that attack is going on, we can't stop it. today, we're in the forensics mode. what that means is an attack or exploit normally occurs, we're told about it after the fact. i think we should be in the prevention mode in stopping that. a lot of that can be done by industry. i think that industry should have the ability to see these and share that with government in realtime. when you think about it, it's almost like the neighborhood watch program. somebody's breaking into a bank,
5:41 pm
somebody needs to call the authorities to stop it. in cyberspace, what we're saying is armed with the signatures, the software, those things that help us understand that an attack is going on, we believe industry is the right ones to tell government they see that and get us to respond to it. i just want to clarify because i do not believe we want a cyber command or military inside the networks watching it. we think industry can do that. we think that's the right first step, and we think actually that's in both of these bills. the second part, i use that bank one because there's another part to this that we have enforced within dod, and that's what standards of making our defense better. we put in a series of defensive capabilities, if you will, the standards that we operate and
5:42 pm
defend our networks. how do you align the networks? how do you know they are configuredded right and make them defensible so they last when someone is trying to get in? we have a great information assurance directorat, and i was told 80% of the attacks that come in could be stopped by the hygiene itself. chairman, you also brought up the carnegie melon report, and i want to hit some of that because i believe it's an important report, and it really employees to this discussion that we have going on now. as i stated previously, that report, and that assessment was early on in the dib companies pilot. that doesn't mean we can't do better. in fact, let me turn that around and say for us to be successful in cyberspace, it's going to require government and industry working together with the best of both.
5:43 pm
industry partners see signatures that government does not see, and government sees signature or malicious software, exploitations and attacks into the country that industry doesn't see. the information sharing and ability to do that is key to stopping that. what i see from the dib companies pilot is increased discussion between government and industry, and this was a good thing. it has grown, and it continues to grow, and we're getting better. in legislation, what i think is we need to make the first step. we need to start that journey. we won't get it perfect, but we need that ability for industry to share with us the fact that these attacks andics -- exploits are going on or we cannot stop them or help. there's five areas i focused on with our folks at u.s. cybercommand. first, we have to build and train cyber forces, and these are things we're arm and arm on,
5:44 pm
the key things we have to do. second, we have to have the defensible architecture. you mentioned the 15 those en-- 15,000 enclaves, and the reality is the way they are set up, we would have a much more defensible ark tech cheer, and we're pushing that, and the services help us get there. i think we have to partner with dhs and fbi. the reason that i bridge dhs into this is that i believe we want them working with the rest of government. we don't want to take the people i have and push them over here. i think we want the people we have looking outside, and i think that goes to senator mccain's comments. wears the offensive force, the ones to protect the nation, we have to see what's going on and be prepared to do that. we can give and work with dhs and provide capabilities and technical expertise, and that's growing. finally, i'd add in fbi.
5:45 pm
they have some tremendous capabilities, they have the law enforcement arm, and when you put all three of us together, i think our country knows what we are doing is transparent, and we're doing the right thing. in doing that, you got all three players to the table. i think command and control in partnership is key, especially with our allies, and i put the allies on the table because this is huge for our future. the concept of operating in cyberspace, we mentioned earlier. it's an honor and privilege to represent the soldiers, airmen, sailors, and marines here today. it is our opportunity to tell you about the accomplishments and performance in the future. i ask that the statement for the record be included on the record, and that's all i have, chairman. >> thank you, so much, general. your statement will be made part of the record, and we'll start with a 7-minute first round.
5:46 pm
general kehler, first, do you support the miss cage year 20 # -- fiscal year 2013 budget request? >> yes, sir, i do. >> general kehler, you made reference to effective nuclear command and control network that needs improvement, i believe, in your opening statement, and are those efforts underway to modernize that command and control network? can you describe those efforts a little bit in >> yes, sir, i can. the -- of course, as you know, the nuclear command and control system is composed of many, many parts. there's parts of the system that are not survivorble. there is, however, as part inherit in the nuclear command and control system is a thin line that ultimately would be survivorble under any conditions so that we could always ensure
5:47 pm
the president of the united states is connected to the nuclear forces. investments are underway in those critical capabilities. the capabilities that are part of the space architecture layer, of course, advanced dhs, satellites, and the first one is on outer, and the second one goes to orbit in the next year or so. i don't have the exact date. that will be the satellite based survivorble part of our thin line network going forward. we have issues with terminals and terminals lagging the deployment of the satellites meaning we have to use older terminals. we won't get the full capability from the satellites at first. we're working that problem. we have some issues to make sure that our bomber connectivity is maintained. the air force program supports that, and so i am comfort l that we're going forward there to maintain the connectivity at the force end of this. we're also upgrading some of our
5:48 pm
other components to the network, ground-based parts of the network, ect., and so i believe i will always be a little uncomfortable about the network. i will tell you that i think there is more to be done. we are working that inside the department for future budget requests, and, in fact, we're undertaking a fairly substantial review at this point in time about the nuclear command and control system and how it does or doesn't support other issues as well. >> thank you, general. the 2010 nuclear posture review called out for studying additional reductions and nuclear weapons. do you think it is possible to further reduce our nuclear weapons beyond the new start levels? >> mr. chairman, i think there's opportunities to reduce further, but i think that there are factors that bear on that ultimate outcome, and rather than get into those, which i don't think would be appropriate, i would just simply say i do think there's
5:49 pm
opportunities here, but recognizing there's some factors that bear on this. i would also mention it is never our view that we start with numbers. we start with an assessment of the situation we find ourselves in, the strategy, our objectives, ect., and then ultimately, you get to numbers. >> okay, thank you. general alexander, are you advocating for any additional legal authorities that are not included in the cyber legislation -- cybersecurity legislation that was proposed by the administration to congress or that's included in the lieberman-coal lines bill? >> no, chairman. >> on industrial espionage campaign, and i noted in my opening statement, i made reference to it in your statement, particularly china's
5:50 pm
aggressive industrial espionage campaign through cyberspace. can you give us examples of open session of the technologies that have been stole p through pen ration of major -- penetration through major dod and the department itself, and do you know whether or not, in fact, we raised this issue, particularly vice president biden, with the chinese. >> senatorring i'm not aware on the last with what the vice president shared with the chinese on that discussion, but we're seeing a great deal of dod related equipment stolen by the chinese. i can't go into the specifics here, but we see that from defense industrial base companies throughout. there are some very public ones, though, that give you a good idea of what's going on. the most recent one, i think, was the rsa exploits.
5:51 pm
rsa creates the two factor awe thept cation for things like paypal. when you order something and pay for it over the network, the authentication is done by encryption systems that rsa creates. the exploiters took many of those certifications and underlying software which makes it almost impossible to ensure that what you're certifying or what swop else is certifies is absolutely correct. they are replacing the certificates and did that in priority order for the defense department and others, but when you think about it the ability to do it against a company like rsa is such a high order capability, rsa is one the best, and if they did it against them, it makes all the other companies
5:52 pm
as a -- vulnerable. >> we took action to try to stop that theft, particularly, again, by the chinese when it comes to the supply of parts for weapons systems. we, i think it's important for you to talk to vice president biden or his office so you can see what steps were taken to inform the chinese of our position on this, and we've now got to find ways, and i think you're the perfect person to be a spokesman for this to stop their theft of other kinds of intellectual property through the use of cyber. i wonder if you could give us some examples of -- or give us some options. i think senator mccain also made reference to this. what are the options in terms of actions or anyone else who is
5:53 pm
stealing our information or our intellectual property to pay a price for this? >> well, i suppose using the rest of stratcom would be out, chairman. i think the first thing that strikes my mind, and i want to be clear on this because the most important thing we can do right now is make it more difficult for the chinese to do what they are doing. we have all the money in the banks, but the banks have the money out on tails in new york city at the park, and we're losing the money, and we wonder why. nobody's protected or it's not well-protected. our intellectual property is not well-protected, and we could do better protecting it. step one is take the steps to do that m i think what the department is doing, and you asked for authorities that would
5:54 pm
need legislation -- i think those are in the legislation. what the department is doing with the authorities we already have is maturing the standing rules of engagement that allows us to stop some of the exploits as they are going on. we can do that with the risk, and those are things we can do. stop them in process. for example, we saw an add veer sorry i -- adversary trying to take three gig bits, a lot of information from the defense contractors. we saw that in foreign space. the issue was now we had to work in human space to reach out to them to say they are trying to steal something from you, you got to stop it. there's got to be a better way to do that because that's almost like going at network speed now trying to send a regular mail letter to them that you're being attacked. we have got to bring this up into the network age to get these responses out. i would advocate, and i think the way we're going is to, one,
5:55 pm
build our dpefs, and, two, have options to stop it. beyond that, i think the president and the secretary need options that tick it to the next step. these are not options we would take, but options we would propose to the administration. if they exceed certain limits, it's our responsibility jointly with the co-coms says these are actions you can take to stop the acts. depending on the severity of the act, this is what we propose to be done. i think our job would be to defend and protect and to stop some of these attacks and now it is to the missiles coming in, and give the administration options of what they could do to take it to the next step if they choose. that includes cyber and other options available, and i think the white house has put that forward in their cyber security thoughts. >> thank you. senator mccain. >> well, i want to thank the
5:56 pm
witnesses. i would ask general alexander, do you agree that secretary panetta and fbi said that cyber attacks may soon be the number one threats to the united states? >> absolutely, senator. >> would you agree that major threats to the national security come from outside the united states, specifically, obviously, from unclassified information from china? >> absolutely. >> absolutely. so then what's the logic in providing the overall authority to the department of homeland security? anyone who has been through an airport, as i do regularly, as most of us do, have no confidence in the tech -- technology capabilities of the department of homeland security. in fact, as an example, nothing has changed as far as airport security is concerned since probably september 12th, 2011.
5:57 pm
what would be the logic in making the lead organization the department of homeland security? >> senator, i think the issue, if i could, i want to break this out in three areas to make sure my responses -- >> make it brief, please. i have additional questions. >> yes, sir. i see three major things. we want dhs to take the lead on working with civilian agencies and critical infrastructure. we want dod to take the lead on defending the nation under cyber attack, fbi under law enforcement and intelligence, and i think all three of us need to work together as a joint team to move this forward. if we don't work as a team, then the nation suffers. inside the united states, that's where i think dhs has the lead. they don't in terms of the foreign and the things coming in. that's where you want us to have the lead. >> how many people are under your command? >> in cyber command counting our
5:58 pm
service components, a little under 13,000. >> we have now 13,000 in cyber command which recently formed up, and so now we need other agencies. why shouldn't the responsibility lay with cyber command? >> senator, i do think the responsibility for defending the nation against attacks lies within cyber command out. i think the lead for working with critical infrastructure and helping them defend and prepare their networks should lie with dhs. >> that's a curious logic, general. in fact, most curious. so, really, all we formed up cyber command for was to worry about external threats, is that what you're saying? so department of homeland security should take the lead of anything that happens in the united states from outside, but
5:59 pm
you are still there with your 13,000 people? >> not quite that way, senator. probably i'm not clear enough on this. in terms of dhs's roles and responsibility, it's working with critical infrastructure and other governmental agencies in meeting the standards and protocols of how to build the networks and be the public interface. i think that's the role we want them to do, and their people go out, reach out with critical infrastructure and make sure those government systems are adequately developed. if they're attacked, no matter where that comes from, now i think the president has options of what he can do. we are one of those sets of options, and if chosen, we are prepared to do that. more importantly, where those people really come in is in our offensive capabilities. you asked that earlier, so the offensive capabilities would be to support the other combat and commands in their plans and
6:00 pm
capabilities. now, the bulk of our people -- >> your job is to support other commands with their offensive capability. ..
6:01 pm
6:02 pm
>> the cyberattack information. do you agree or disagree with that? >> i do not. we give that industry. you can look at that. when they see that, they can tell us. i think that is the first right step, senator. i think if we go too far, it sends the wrong message. we can take this journey and learn as we go on at. >> so you believe that dod -- general cartwright said that the former vice chairman of the chiefs of staff, dod is spending 90% of its time playing defense and 10% playing offense, and that the detriment should invert -- the department should invert this ratio or we will have negative consequences. your answer, as i understand it, is that we will act in some way
6:03 pm
or fashion. perhaps you can be a little more specific how we can regain -- how we can gain the offense here. >> i actually agree with his statements, and i would like to characterize it in my words if i could, senator. more than 90% of our force was developed -- all of our force in cyberwas on the defensive. we did not have an offense that capability. what are we looking at now -- we are looking at how to grow that. the offense of capabilities primarily lie in the exploitation capabilities of nsa and others. we are developing those. i agree that we need to develop those more good we are working on that with the services, and that is part of our growth plan. in terms of this, senator, i don't want to give you the impression that i don't believe we should defend the united
6:04 pm
states. ideal. but i do think we can do that in a way that works with industry without having us in the middle of the network. meaning, they share the information with us. >> according to industry -- they do not need additional regulations. they need the ability to share information rather than additional government regulation implement it by the most inefficient your rocker see that i have ever encountered in my number of years as a member of congress. we wasted millions of dollars on a virtual fence on the arizona mexico border. it has not made in advance of easing passengers transit from one place to another. it has shown an incredible ability to illustrate and efficiency at its best. i thank you, mr. chairman. >> thank you, mr. mccain.
6:05 pm
senator lieberman. >> thank you to both of you. i have a disagreement. the first thing i want to do briefly is come to the defense of the department of homeland security. we have not had a major terrorist attack since 9/11. you have to give the leadership by person -- by person and the thousands of people who work at dhs some credit. second, in terms of stovepiping. i think a better analogy here is to compare the relationship between the cia and fbi to the relationship between cybercommand and nsa and dhs. cia has authority outside of the united states of america. the fbi has authority -- i'm speaking about terrorism were threats to the nation. the fbi has authority within the
6:06 pm
country. the problem before 9/11 is that they were stovepipes. there were not cooperating enough. in the same way, and essays cybercommand has the responsibility to protect america. america is a jewel. along with many other responsibilities that you have. dhs has a domestic responsibility. a preventive responsibility. in that sense, it is a little less expensive than the nsa. the interesting thing to you testify to, and i think that senator mccain was not hearing, you were building exactly that kind of cooperative relationship between nsa cybercommand, dhs, and the fbi that did not exist before 9/11, and the fact is that senator mccain and i introduced an amendment to the national defense authorization act last december that codifies in law the working agreement
6:07 pm
between nsa and dhs. incidentally, i will just say this for the record. i have talked to mcconnell, i have heard him speak in a public setting. he thinks that both bills are not strong or not, but if you ask him if he prefers the cybersecurity act of 2012 or the secure i.t., which some of my colleagues have put in, he could not be clearer. secure i.t. does not do it because it does not provide defense appropriation the private sector. i know the private sector is lobbying against this. this is a terrible trap here. this is not just a question of regulation of business. this is a protection of our homeland. you have told us in response to senator mccain's question.
6:08 pm
cyberattack is the main area of vulnerability behalf today. shame on us if we look at this as business regulation. this is homeland security. we have to get together before too long and make this happen. i want to come to the particular difference between the two bills. there are two critical things that have to be done. one is information sharing authorization. the other is protection of the most critical cyberinfrastructure, which is owned by the private sector. 90% of it, finance, transportation, electricity, water, all of which is vulnerable to attack. both bills have information sharing. the bill that senator collins and i introduced is a provision
6:09 pm
for dhs to work with the private sector. not every business to take certain actions to defend their network to defend our country. general alexander, i just want to have you confirmed this, what you believe that we need both of those authorities and governments. that is information sharing and a system for protecting and better defending privately owned critical infrastructure. is that right? >> senator, that is correct. as you stated, that is the hard part. it is determining. how do you do that? but i do think we have to set up some standards. we use what we call the gold standard the gold standard was one that we thought provided our networks the best defensible posture. we give that out for free. we put it on the nsa.gov.
6:10 pm
as we work with industry, the issue is how do you make sure that they are as defensible as possible without being overburdened or it we have to set that up. it is like roads and cars. >> exactly. these are standards for what we have to do to defend our country. they are then going to figure out how to do it. businesses are understandably worried about the bottom line here we have to be worried about the security of the american people. incidentally, i take it from what you said earlier that the fear of a cyberattack against the united states -- i mean a major cyberattack, is not theoretical but real. >> that is correct, senator. >> it literally could happen any day. i am not predicting that it will, but right now our privately owned cyberspace
6:11 pm
infrastructure as compared to dod, is vulnerable for attack. is that correct? >> that is correct. may i add that it is my opinion that every day the probability of an attack increases as more tools and capabilities are on the internet. >> right. it is very important for people to hear that. i want to relate the requirement on the most critical and for structured to take action. your description, which i thought was excellent, when you see an enemy coming, you made it very clear that you do not want nsa into our private cybersystem. but you need to have the private cybersystems be able to tell you when an enemy attack is coming? is that bright? >> that is right. >> to me, that is probably the most significant thing we can
6:12 pm
have for dhs and setting that standards for defense. i hear so many stories about critical infrastructure operating systems using defensive systems that are 15 years old without even basic protection capabilities. i think one of the most important things that are going to happen as a result of the system we are talking about, is that the most critical infrastructure -- not every business at home, but the most critical infrastructure, will have to develop within itself were higher some of the private companies that do this, or higher some of the private companies that do this. we need to spring into action to essentially counter attack. is that correct? >> that is correct.
6:13 pm
and under what conditions is what the department is looking at. when we actually do that, those will become the rules of engagement that we are looking at. >> your relationship under the memorandum that we codified into law with dhs working -- is it working well? >> it is. it is growing. secretary napolitano is wonderful to work with. she came out to nsa cybercommand insight on all of us. her heart is in the right direction. she understands what we bring to the table. she leverages that, not only in the cybermission, but across the board. i think we are making correct stripes. that is the team that i think the government wants and needs in place. the reality is we can put all of our manpower in journal, and it won't solve the problem. we have to work together as a
6:14 pm
team. i do believe that that is the best way to approach it. to answer your question, dhs is great to work with. they are growing their capabilities. we are providing a lot of assistance to them, and we think it is a good relationship. >> that is exactly what i was told, a good relationship. they are benefiting from your expertise. >> could i add a comment. >> if you make it brief. >> this is about balance responsibility. when you look at balancing responsibilities between the military, the intelligence community, law-enforcement, and dhs, if we were not talking about cyber, we know how to do that. we understand what that balance looks like. we understand that when dhs needs military support, we have support of military authorities. we have ways to provide support. the question is what happens when you add cyberspace to this mixture, and that is the
6:15 pm
knowledge that we are trying to make sure that we are striking. that is an important point for us as we go forward. the bottom line is all this working together to improve the protection of our nation and national security. the second point i would make quickly is there are basically three things we will have to do. the first is to protect ourselves better, related to cyberspace, for the very reason that you mentioned. the second is that we have to become more resilient. we will not be perfect at protection or defense. we have to be more were so yet, particularly on the military side. and last, we have to balance everything in a better fashion as we go forward. >> thank you, mr. chairman. the first question i'm going to ask, i already know the answer. but i have to ask you just to get it in the record. in yesterday's wall street journal, they talked about president obama's meeting with
6:16 pm
russian president vladimir putin president obama said, and i assume he said this without knowing the microphone was on, disney to be in the record and i ask that the record reflect this accurately. on all these issues, but particularly missile defense, this can be solved. but it is important for him with russian president vladimir putin to give me space. this is my last election. after my election, i have more flexibility. so the question is, do either one of you want to comment? >> i didn't think so. the second thing that i would like to mention -- first of all, i think you are making the trip he made out here. just very briefly, tell me what you found out during your visit? >> thank you, senator. first, there are two things.
6:17 pm
i am really in with the way the american people, especially also, the way that they have funded the university and the young folks to go there could come my perspective -- and one of the key things -- tulsa university is doing -- they are coming up with better ways to protect networks. when you look at what those young people do, they find problems in networks. if we now made some slight changes, i think those changes and upgrades and security of those networks would make them more secure. what i found was tremendous young people doing great things. some of who we have hired, and we continue to higher from tulsa and other universities that are doing programs like that. thank you. >> i think you. thank you.
6:18 pm
behind the university -- it is a good program. general kehler, just a moment. during the time we were considering the bill a year ago, we were talking about the fact that president obama was weighing options for new cuts on the new arsenal unilaterally. that was in an agreement with russia to bring it down to the 1550. it was a month ago, as reported, president obama is weighing options for sharp new cuts, potentially up to -- and these are the figures they used, 80%,
6:19 pm
proposing three plans they could limit the numbers as low as 300. in 2008, i remember secretary gait said we must maintain these weapons ourselves to reassure over two dozen -- allies and partners who rely on our nuclear umbrella for their security, making it unnecessary for them to develop. i would like to ask what kind of implications this would have in terms of the allies, the 30 other countries under our umbrella. if we were to bring it down under 80%. >> sir, i would make a couple points. first thing i would say, as i said earlier, we do not start with numbers. we have been starting with strategy objectives, national security objectives, etc.
6:20 pm
the study referred to is ongoing. there are no conclusions have been reached as of yet. it is not for me to comment on the study. strack, has been able to submit in the study. as i said earlier, there are opportunities here for additional reductions. >> unilateral reductions? >> i'm going back to the review -- it has been best to do this with russia to the russians and u.s. arsenal have this conversation, doing this with russia is certainly the preferred way. i think that they need to continue to deter and to ensure allies remains. >> the point i am getting at is the key word, unilateral. that is what concerns me. >> yes, sir. >> let me just talk about a
6:21 pm
couple of other things. general kehler, this was the triad -- i think it was about 2004 or 2005. he could get this updated, worst of all, during the consideration -- first of all, the president says i intend to modernize or replace the triad strategy nuclear delivery system. heavy bomber, air launched cruise missiles, and nuclear powered submarines, and maintained the united states industrial base. he goes on and elaborates. the statement was made after this chart. you have an up date a chart on this -- do you have an updated
6:22 pm
chart? >> may i get back to you? >> you certainly may. the last thing is relating to the technical nuclear weapons. both sides of the aisle have made an effort to include nuclear weapons at the time that we were looking at the new program. as it is right now, it is about a 10 to one advantage of a -- russia over ourselves. you agree do you agree it should be part of the plan? >> i do agree that it should be part of the plan. >> thank you, chairman. >> senator nelson. >> thank you, mr. chairman. inky for both of your service and remarks today. i appreciate it very much. general kehler, and general alexander, comments today in all the discussion for some period
6:23 pm
of time has indicated the growing pet of the -- the growing pet of cyberwarfare on national security. as we engage in this discussion, there is an ongoing restructuring stratcom headquarters. general kehler, can you give us indication why an aging facility would not be appropriate as we take on new responsibilities, but particularly as it relates to high-tech cybersituations. >> general alexander, if you have thoughts about that, that would be helpful too. >> activities that go on at stratcom are unique activities. we perform those activities particularly, the command and control of our strategic forces, the plan that we do for our
6:24 pm
intelligence support that is required behind our continuing need for strategic levels and being able to command and control forces under high stress. all of those come together at stratcom headquarters. the demand that today's systems place on those headquarters building, have far outpaced the ability of the building to keep up. not only do we have older abilities -- laurel believes -- but we have physical complications as well. you are aware of some of the catastrophic failures in the building systems themselves that have threatened to take that one-of-a-kind and make it an operable for months. we barely ever do that kind of catastrophe a year ago in december.
6:25 pm
with a flood, of all things, in the basement. as we look for ways given the unique nature of what we do -- the one-of-a-kind responsibilities that are performed and the importance of all that of that in our deterrent posture, the conclusion that the engineers reached was that you could not modify the building. basically what you needed to do is go and build a new command and control facility that houses all of the activities that we are going to need to perform. that romance my assessment today. that remains my assessment. we need to get moving. a corps of engineers has responsibility. things seem to be moving forward, at least everything that i can be aware of. much of his needs to be in the
6:26 pm
realm of the corps and others. the bottom line is the recognition that we do something unique, that it isn't about a brick and mortar building. it is about what goes on in the computer systems and the need for support systems, information technology, and the supporting networks that all that together so that we are prepared to continue to perform this deterrence mission as far into the future as we can see. >> thank you. as you know, when it comes to the replacement facility, nsa has referred for five years of construction of the cmrr placement facility. is this the way -- is a concern for you, not only meeting responsibilities and obligations and commitments on the new
6:27 pm
s.t.a.r.t. trading, but just in general, keeping our arsenal current? >> senator, it is a concern for me. of all the items in the 13 budget, those items are associated with strack comes -- stratcom's portfolio, there were adjustments and other things that were made. we can manage risks with all of that. the ability of the complex to provide us with weapons we need that have appropriate life extensions that give us the ability to manage the hedge and look at potential reductions as we go to the stockpile. the thing that continues to concern me the most is her investment in the complex. the issue with cmrr does concern me. the 2013 budget does provide for
6:28 pm
us to get moving in a number of areas. the secretary of energy and secretary of defense sent letters that reminded everyone that we are not sure what will happen in 2014 and beyond. i remain concerned. >> it could be appropriate to at least start the process as in the case of the stratcom headquarters, which will be phased in funding over several years. otherwise, it looks like we have just put together a building in duct tape, structured to get us through 2013 budget wise. >> senator, this is ultimately we owe you the alternatives. i don't have them with me today. we do not have yet viable alternatives that we can present. i do agree with the main rest
6:29 pm
here. i see no alternative as we look to the future aside from modernizing the complex. regardless of what happens, we have a fairly extensive backlog of weapons awaiting dismantlement that were quite the same kind of a modern complex to dismantle. from both sides of this equation, we need a modern weapons industrial complex. we need one that is highly unique and specialized so that we have a save secure deterrent. >> it is hard to draw an analogy other than to say -- trying to put together something that a stopgap basis -- what we might do here is beyond and particularly, with an aging stockpile. senator, we owe you some
6:30 pm
answers. the study to produce those is underway. >> enqueue. >> general alexander, as you relate to the responsibilities of cyber, i think he made it very clear that there is a role for the dod -- there is a role for dhs. we are continuing to find ways to work together. it is a reduction of still putting that has been so predominant in the past or it are you comfortable that the agencies that are all trying to work together understand the important need not to scope -- even comparable parties that will go to different agencies that will continue to work together on this important threat to our country -- to our business, which is also a threat to our country? >> senator, i do. >> thank you. vicki mr. chairman.
6:31 pm
>> senator nelson and senator brown. >> general kehler, do consider the global strike command valuable -- let me restate that question. do you consider the air operations groups currently supporting a valuable resource? >> senator, we do. >> are they irresponsible irreplaceable? if we didn't have them would we be in trouble? >> the entire force that global strike command brings to stratcom, in fact, that is one of our major components. they bring us the b-52s and b-2's. they also bring us the entire icbm force.
6:32 pm
they bring us an operations center that allow us to manage all of our stratcom. >> that actually provides real-world time sensitive planning as well, is that correct. >> that is correct. >> that is why i'm concerned about the airmen, they have eight great mission and their air group, by providing exactly what you have indicated. the replaceable real-time sensitive support, and yet i have heard that the air force wants to break up this valuable, a replaceable unit to save money. i was wondering if you were aware of or were given the opportunity to comment on that puzzle affecting that group in particular? >> senator, if i could take that for the record, i would appreciate that. i don't know enough about the
6:33 pm
detail. >> it would be helpful. i agree with everything you just said in your opening statements to my question. it is not a replaceable group. the air guard, in particular, and army guard and reserves, they give you a great lu for the dollar. i am deeply concerned that we are cutting off -- it is like the air force is saying that i'm going to keep everything here, and we are going to take away what you have, and i have not been yet convinced that these cuts represent an acceptable level of risk or efficient use of money. i will ask very specific questions for the record. i'd reshape that. i know we are talking about cybersecurities. there are many proposals -- the
6:34 pm
military is working on a list of things. how are the rules of engagement actually working or being implemented coming along with cybercommand operation? >> senator, right now we are upgrading -- >> and i meant that to you, thank you. >> right now we are updating, if you will, the rules of engagement that the chairman out what they did in 2005 at given where we are today, the joint staff has taken on to update those. right now, all of our measures are internal to our networks. what dod is authorized to do. what they're looking at within the inner agency, what are the next steps that we should have and how we take those steps. i think over the next month or two, the joint staff will complete those standing rules of engagement and move those to the
6:35 pm
interagency and share those. >> what segments of the private sector should fall into dod's responsibility, if any? >> this is where the discussion comes in -- >> let me just extend on that. what entities will be considered as an extension of? >> those are decisions the administration will make when we implement respond options to support or defend against an attack. that is the first step. let me start with technically what we are doing. i think the first part of that, senator, is to have information sharing. to know that it is in fact going on. that is the ability to tell us that something is happening. either fbi or domestic dhs, and if it is foreign, this is
6:36 pm
something they will respond to. the issue, and what we will walk her way through candidly, we have to start someplace. having industry take the lead with dhs on providing the insight of what is going on, that is the first right step. it is the best that we can take. more importantly, we need to take that step. we cannot wait. i think your question and where you're going on this is absolutely right. we have to take measures now here those are absolutely important. my concern in the statement that goes to that, is if somebody is attacked, the way we find about it is after the fact. we can't stop it at that point. now you are in the forensics mode. that is something that everybody agrees on.
6:37 pm
>> been options come up to what industry is included in that. and those are parts of the bill. >> that is great. but we do not have all the answers. i can tell you that firsthand. we have created a bill that has so much red tape and duplication that you can't get out of your own way. i would ask for your recommendations and guidance to be part of the process and let us know what your thoughts are and where you feel the weaknesses and strengths lie. i am deeply concerned. i think you are right. i know that you are right that we are always reacting instead of being proactive when the attack happens. we found out about it afterwards. protection will -- our property and intellectual assets were stolen. as you know, -- do you have
6:38 pm
enough legroom from the authorization point for the earliest possible opportunity to defeat a cyberattack before it's launched? >> those are some of the issues that are being included in the rules of engagement. i am not sure until we are complete with that. we are pushing for what i think we need, and what the chairman and joint staff and osd will do. being extremely candid on this, it comes down to whether those actions that we can do defensively, and then the missile shootdown. it makes sense to stopped that attack from going. some of those other things, that might be a response option. the president and secretary are
6:39 pm
stepping in to start making those decisions. that is probably where we will end up. that makes a lot of sense from my perspective. >> thank you very much to both of you. this is an issue that concerns me and many members of the committee. i will be submitting their questions for the records on track record, i think i need a little bit more understanding. thank you very much. >> thank you senator brown read senator hagan. >> thank you mr. chairman and both of you for your testimony and your service to our country. general alexander, the administration believes that it is crucial for critical infrastructure to carefully diagnose cyberporn abilities and to take steps to eliminate these risks. the administration has proposed risks to make sure that industry
6:40 pm
stands up to the matters of national security. the menstruation is also seeking to defend that the u.s. cybercommand have developed for dod and are critical of the structure. the administration is seeking to implicate is that either one alone is sufficient to meet the threat to others, however, take the position that information sharing in conjunction with the national security agency defensive solution would be not at that it is not necessary to require critical infrastructure companies to build up their own defenses. do you believe that nsa's signature defense pilot program can defend our nation's critical and the structure against cyberthreats, or do you believe that the critical infrastructure also needs to close the risks.
6:41 pm
>> senator, first, i think it is the latter could we need both. i would like to take it one step further. i don't think what we are talking about is having nsa deployed capabilities. what we are talking about is nsa providing technical capability to others to run. we don't want -- mortar we want to run -- so i want to make that clear. it is not putting stuff out there for us to operate. what we are really saying is that industry has a bunch of signatures that can detect foreign threats. all of us need to work together to provide the best set of signatures to protect that critical infrastructure. industry can actually operate back and tell us when it occurs. i think you also need to have a set of standards for how those systems operate, and i will call that -- and general kehler mentioned it.
6:42 pm
we needlessly and send those networks to ensure that they can operate and be defensible while we are trying to defend the country from the outside. does that make sense? >> microsoft was a company -- they were accompanied by u.s. marshals. they rented office buildings to disrupt botnet and programs harvesting information from millions of computers. microsoft shows what is possible. it is certainly necessary now to stop cybercrime. what are your thoughts on these actions come at and should they serve as a model for other private industry, and is there a take away on this? >> senator, it shows how we can work together in industry and government. by bringing both together, we are better for it. what we have to do is come up
6:43 pm
with a solution in this area as well, and i know both bills are looking at that. information sharing is critical. >> thank you. general alexander, it is often argued that terrorist groups, such as north korea, do not yet possess sophisticated cybercapabilities to effectively cripple our nation and the info structure. general cartwright, the former vice chairman of the joint chief, has expressed doubt that those class of actions could carry out such a attack today. we are aware of the black market with possibilities to buy or rent tools, such as thousands or millions of compromised computers. these computers are deemed to be affected against any type of information system. this black market has developed
6:44 pm
to support the vast cyberactivities that have been estimated by some to now healed more revenue than the global, legal narcotics trade. this criminal money fuels research and development of modern and up-to-date cyberattack tools. could this market -- this black market enable terrorists or rogue nations to inflict significant damage on the u.s. economy and are critical of the structure. are you worried about that? >> senator, that is my greatest worry. i think the proliferation of cyberweapons, if you will, grows. we cannot discount the actions that one smart person can do. from my perspective, when we see what our folks are capable of doing, we need to look back and
6:45 pm
say that there are other smart people out there that can do things to this country. we need to look at that. from my opinion, that can go from -- as you described accurately thomas and i agree -- nations like north korea. i would not discount any of them. we have to be prepared for all of them. only one of them could do tremendous damage to this country. >> last july, general cartwright speaking as the chairman, notice that the challenges, general kehler, you raise a similar point, that we are not going to be able to go forward with weapons systems that cost what systems are currently costing today. in the and the search for a switch and to these challenges, options seem to take the form of delaying the current program to reducing the program.
6:46 pm
what are your thoughts on the pluses and minuses on the program? >> erstwhile, i continue to support the need for a balanced triad. triad is serviced well. it continues to serve us well. i think that as we look to the future, there are attributes that are spread across the triad that continue to make sense for our national security. having said that, i am concerned about the cost, so i think there are a couple of things we need to keep in mind. we need to face these programs up late. we need to make sure that we match the investment with the needs. we need to control costs. there are a number of programmatic steps. when i look at the ohio replacement program, another we are making decisions here today that will be with us for decades to come. the ohio replacement program, as far as we can see, we believe
6:47 pm
that we see the strategic need for a submarine-based part of our deterrent or it moving forward with that, even though we have had to delay the program some, it is going to be important. it is also important with our allies. it is important that we have a dual capable long range bomber. he needs to be nuclear capable, but it just won't be used for nuclear purposes. it will never be used for that purpose. it may very likely be used for conventional weapons, which is what he did he choose, the ones, and b-2s are for. that program is underway. controlling costs is going to be the big issue in both of those programs. the next question is the future of icbm. we have begun to look at alternatives and what shape and form that might take. as we go to the future, i think we will get to a number of decision points on all of these systems that will allow the
6:48 pm
future environment to shape what the ultimate force outcome becomes. >> my time is up. thank you to both of you. think you. >> senator hagan. senator ayotte could. >> thank you general alexander and general kehler for your service. general kehler, the senate support for the new support of modernization of the united states nuclear complex and strategic delivery system. specifically during the confirmation, the president committed to modernization in what became known as the 1251 plan. that was incorporated in 2010. is that right? >> senator, yes. >> if you look at that commitment in the 1251 plan, there was an initial transmitted in may 2010, and then a month
6:49 pm
before the ratification of the senate treaty, there was $4.1 billion added over five years to the plan. isn't that right? >> yes. are you talking about the dod? >> yes. that was specifically reflected a month before the s.t.a.r.t. treaty, put into the 12 of the one plan is incorporated. >> senator, i think that is right. >> the reason that was done is because modernization was such an important issue to getting that treaty through the united states senate. modernization is very important for our nuclear program, isn't that correct? >> yes, it is. >> the 2013 budget request underfunds the commitment made that was expressly made in
6:50 pm
conjunction with the ratification of the start treaty by $4 billion over the next five years. isn't k. max. >> it is lower than the level of the report -- yes it is. >> is $4 billion lower -- >> yes, i think that's right. >> the president, a month before ratification, to sign onto reductions for the s.t.a.r.t. treaty, added $4 billion because we were worried -- i was not here at the time, but many of my colleagues were worried about modernization and it we were going to make the reductions required by the s.t.a.r.t. treaty. and if the president is now following through, why didn't we include the $4 billion in the commitment on modernization, and in particular, just to break that down, senator nelson had asked you about chemical
6:51 pm
replacement facility. that is an 83% cut in that facility. in fact, we are not following through at all, are we? >> the commitment has been delayed. if i understand the budget correctly, the building has been flipped to the right. five to seven years am i believe. >> would that not be a broken promise from what was required by the 2010 and daa, and what was contained in the 1251 plan? >> it is certainly different than the 1251 plan. >> my colleagues signed on to the s.t.a.r.t. treaty. particularly, this facility that we have talked about, the cmrr facility. is it critical to modernization? >> yes, it is.
6:52 pm
>> no doubt that we needed to modernize. >> in the long run, there is no doubt that we need it. >> okay. when you were being questioned by senator nelson, you said that you owe us answers to this. is that true? >> yes. >> i think what we need is a commitment from the administration to follow through on what they promised in conjunction with the ratification of the start treaty, because without modernization of our nuclear deterrent, what are the concerns that you have if we don't modernize? >> well, i have a lot of concern if we do not modernize. i think you have to look at this in terms of -- there are four pieces to this from my vantage point. peace number one is the delivery system. as i just mentioned, there are modernization plans in place
6:53 pm
under way to take a look at the lack and what we need in the future. there is command and control. commitment to both of those. the real issue for me is the weapons. the weapons complex that supports those. in an era that we are in today, explosive package testing, where we don't do any yield testing, that puts a strain on things. it strains the science and engineering skills that we make sure that we have inappropriate understanding to be able to do those extensions without nuclear testing. we have issues with aging. most of the problems with the weapons that we have today is that they are reaching the end of their lifetimes in various stages. being able to have life
6:54 pm
extensions for those weapons is also very important. at the end of the day, if you have a more modern complex, we think we can probably have a smaller stockpile. the way that we would hedge against failure would be different as we go to the future. >> but if we just reduce our stockpile, and do not modernize, are we taking on additional risks? >> or arson areas where there can be additional risks. >> i would certainly like to know why, as reflected in the dod budget, the menstruation has not followed through on its commitment to modernization, because i think that was critical, as i understand it, toward many individuals that were concerned about that in the debate over the s.t.a.r.t. treaty. it is an important issue, and that is why it was included in the s.t.a.r.t. treaty in 2010. i would hope you would get back to that four s.
6:55 pm
>> we were recognizing that nothing was immune and we went through the budget reduction to include the nuclear force. i believe that we balanced the investments in much of the portfolio. it doesn't look like -- i think we balanced much of it. what concerns me most is the industrial complex. >> thank you. i also wanted to follow up with a question about russia. as i understand it, historically, general kehler, why did the russians not want us to improve our missile defense system in europe and expand it? they are concerned about that. why is that? >> i can give you my understanding of where i think they are. they are very concerned, at least in the informal contacts that i have had with some russian officials.
6:56 pm
they continue to say that they are concerned that our deployment of a missile defense system, will tip the strategic balance in our favor. that will render their offensive capabilities development -- irrelevant. >> my time is up. when the president said that essentially he had to give them space, to the russians, he was really talking about their concerns about as expanding or enhancing our missile defense system in europe. even in the continental u.s., it could be interpreted that way because the russians do not want us to do that. i'm concerned about that statement that senator inhofe asked. what does it mean in terms of
6:57 pm
the russians going forward, in protecting the united states and our allies. they do very much. >> senator blumenthal. >> enqueue very much for your service to our nation. in each of your commands and responsibilities and to the men and women who serve under you. general kehler, if i could begin just briefly following up on a remark he made about the ohio class of earning. you said it will be important as far as we can see into the future, i am not quoting you directly, but i agree completely, and i wonder if you could speak to the significant of the ohio class submarine replacement in terms of what its value is, how does it add value
6:58 pm
to our strategic force, and why is it so important that we continue building it without further delay? >> senator, each of the elements of her nuclear deterrent force brings something unique to the mixture. the strength of the overall deterrent has always been in the sum of its parts. as we look at this today, and as we go to the future, the inherent survivability of the submarine-based deterrent has been of great value to us. it continues to be of great value as we go forward -- at many levels. strategic stability is built on survivability. he understanding that neither side possesses an overwhelming advantage to strike first. even in the event of that kind of a highly unlikely -- and the
6:59 pm
world is different today, and we understand that -- but stability, particularly in him for seeing crisis as we look to the future, something that would arise that would put us in crisis with any of the nuclear contenders -- having a survivable element of our strategic deterrent is extraordinarily valuable. we believe that that remains valuable as we look to the future. you can have survivability a lot of ways. an airborne aircraft stands off on some. there are lots of attributes there that get survivability. but we have looked at our submarine force as providing the bulk of our survivable deterrent -- in particular the day to day deterrent. .. ..
7:00 pm
this one and the long-range strike bombers are both at the top of my list. by the way, we don't talk much about the need but the need for the replacement tanker is equally important to the strategic command and that is of course under way with the air force base. >> general alexander, i was struck by new your testimony and
7:01 pm
insightful and helpful testimony about the wide-ranging bill that of potential cyber threats relating to espionage and intellectual property theft as well as the potential infiltration of social media, and it reminded me of a separate and perhaps and related, but perhaps not an aspect of problematic conduct involving social media that i have highlighted recently which is the demand that employers have made for passwords, login information from prospective job applicants or from employees, which enables them to invade the private communications, e-mails, chat, private accounts of their employees, and potentially
7:02 pm
people with whom their employees communicate including potentially servicemen and women with loved ones our families or servicemen and women for jobs. i wonder if you can comment on the potential security threats apart from the invasion of privacy that may occur for the demand for information from employees about their security accounts and also what the needs are in terms of background checks and agencies. >> i think first of all asking for the potential employees for their house words now is odd from my perspective to say. i think the issue that i see in here is a couple of things. how do you secure those so that
7:03 pm
somebody else doesn't gain access to all. one of the senators had a great comment about the theft and what was going on and i think senator hagan, what she's seen and if you make it easier. i am concerned about that. i'm not sure about the foreign threat to this as i am to what that means for the future. cyberspace, we have some tremendous capabilities, we as a nation. the ipad, the iphone, and i think people should be, feel free to use those and know they are going to be protecting both civil liberties and privacy and as a country. i think we can do both and i think we should push for both. this is a new area and you can see you are hitting on some of the key parts when you look at how the companies are wrestling with this how do you provide maximum benefit without intruding. i think that we'd be an issue we are going to wrestle with for
7:04 pm
several years. >> when it strikes you as odd, i assume -- >> a very well chosen word. >> it may be a euphemism for strange or unnecessary or invasive. >> senator, i'm not completely up to speed on all of it. i don't know all the facts that go with it. my initial reaction is that it doesn't seem right. that's what i meant, but i don't have all the facts. >> thank you, general and for your great work on this issue. i hope he will give a thought as well and i may ask you a question about it, regarding the potential use of the national guard, cyber units and how they can better assist you and the cost effectiveness of building those programs through the national guard. >> there are a number of those and i will start with the maryland national guard, you know, go out to washington there are some great ones and i'm sure
7:05 pm
connecticut, too. i think this is an opportunity where the national guard has some technical expertise as civilians working in this area especially when you work in a high technical area, so this is something that we can leverage and we are working on it. >> thank you very much. >> thank you, senator blumenthal. senator collins. >> thank you. general alexander, i very much appreciate the attempt that you meet today to clarify the role of the department of defense versus the department of homeland security forces the fbi when it comes to dealing with cybersecurity. as the discussion today has indicated, i believe there is a lot of confusion over who does
7:06 pm
what and who should do what? and as you correctly said, this has to be a team approach, and dod, dhs and the fbi have different but complementary roles. so what i would like to do, since they saw on some of the questioning that i've heard today, i think there's still a little bit of confusion is just take you through a series of questions in hopes of clarifying who does what. first, let me say do you agree that our critical infrastructure today is not as secure as it should be? >> senator, i do. >> second, and related to that, several studies and experts have told us on the homeland security
7:07 pm
committee that critical infrastructure operators are not taking in some cases even the most basic measures such as regularly installing patches or software updates or changing passwords from the velte settings, and those are pretty basic and known vulnerabilities. would you agree with that assessment? >> i would say, i would add to that we have seen that in a number of cases in another area as well. >> in addition to just the critical infrastructure. the reason i am focused on the critical infrastructure is obviously there's been an attack on critical infrastructure the consequences are so much greater than if there is an attack on one particular business even though that, too can have
7:08 pm
significant economic consequences and cause many problems. so, my third question is to try to better define the role. would you agree that the department of homeland security has the lead role in interacting with the owners and operators of critical infrastructure to get them to strengthen their protections, harden their defenses up front what as opposed to when an attack occurs? >> i do agree with that, senator. stomach and the distinction that i'm trying to make is once there is an attack while that has a significant consequences that dod would become the lead agency
7:09 pm
just as you are whoa, what if we were attacked by missiles from is that an accurate assessment? >> that's correct. some of that is where i think the confusion lies. is the department of homeland security under the current practice of this administration and under the legislation senator lieberman and i have offered that to read the which strengthen the defenses of the critical infrastructure and with the industry will which is absolutely critical that it be collaborative work, the department with industry would develop risk-based performance standards. is that your understanding?
7:10 pm
>> that's my understanding, senator. >> the reason for that is to ensure that the owners of critical infrastructure implement these risk based performance standards but i would point out to my colleagues this isn't a new bureaucracy as we've heard today. it would be a collaborative effort, and the owners and operators of the critical infrastructure would decide how to meet those standards. it would not be dictated by the department. is that your understanding? >> that's my understanding. senator, if i could i think that is a key point because i think the concern that i hear, that we all your is just that a key point. how do you do this in such a way that helps industry without, and i would use the term over regulating and this is outside of my area of expertise but how do you get them the standards
7:11 pm
that help them build a more resilient network and defensible network if you will? that is the key to this, and i do think that is the key issue that you are wrestling with. and i think that is where we can provide technical expertise to the dhs and others, and i think that's where we've got to partner with industry and i agree with the leaves stated that is extremely important that bringing the industry folks together when is leggitt because they want to be the player in this. we need the expertise of industry and nsa will, dhs of everybody working together the results of the investigations from the fbi because this is a huge problem and it has consequences for our national security and our economic
7:12 pm
prosperity and it is so critical that we work together to solve this problem, and i know that this what you are committed to doing and that is what you are doing. that is the one final point that i want to make today. nsa is already working with dhs. for example, at the 24-hour, seven days a week entity that has been set up there is an exchange of personnel between the dhs and the nsa; is there not? >> there is. >> under the bill that senator lieberman and i have introduced to try to get that essential disability that you emphasize is
7:13 pm
so important we would require mandatory reporting in the event of an attack because this can't be discretionary effect there's a significant attack critical infrastructure and critical infrastructure is defined as infrastructure and attack upon which would cause mass casualties, severe economic impact or a serious degradation of our national security. so do you support requiring that mandatory reporting in such cases the? >> i do, senator, and i think i would add that as we discussed earlier that in order for us to help prevent it, it has to be in real time i think it is absolutely vital. >> and the reporting and the information sharing under our bill is directional as it has
7:14 pm
become the latest craze to be used. in other words, it is in both of the directions to read even the nsa, the capabilities of which are a unparalleled but can learn from the private sector i think you learned that in the study where there were some signatures the private sector had that nsa might not have had. is that accurate? >> that is any direct and logical as you think about the different things for different sectors of the government, different tools for different sectors of the government, and that's one of the great things we've learned and how we've got to go forward on the defense industrial pilots. >> thank you very much and mr. chairman. >> senator udall. >> gentlemen, thank you for being here. general alexander, but me turn to you first went, the cyber
7:15 pm
attacks on the electricity grid here in the united states and the potential effects of such attacks would have on the critical missions especially during an emergency periods of problems power outages and in the region and interested to know about the potential cyberattack and the gulf when all that electrical infrastructure that the military depends on fuel that can be produced with electricity that runs oil extraction wells and and that powers pumps for offloading fuel for the storage and use. and we have a an assessment of how dependent the u.s. military and the gulf is on the electricity infrastructure, to we have a backup plan if there
7:16 pm
would be a prolonged outage and do we understand the constitution and of former nobility in the persian gulf well enough to measure the effect on the oil production transportation system for special but not limited to the oil refineries. >> senator, but you're going to ask me if i got the new ipad. i thought that's how we were going to start. so i did, got the new ipad. it's wonderful. >> we are envious. >> that's a really good and complex question so let me expanded if i could come out to make it harder, so the underlining christopher in the gulf states and other parts of the region the military normally will have backup power for military operation has generated power and other things to operate our critical capabilities for our computer networks and for our operations we have backup power or critical
7:17 pm
infrastructure that is not the same for the flow of oil and electricity throughout the region, and i think the concern that we have, the concern that i think everyone shares is when you are driving at. note that this is one of network, one global network of little pieces will interconnected so you can be anywhere on the network. my concern is only in the gulf but here in the united states. so as we go forward in a crisis, no matter where it erupt is increasingly the probably that cyber will be part of that crisis and we've got to be prepared for it and it will cover all the things you mentioned, because those are the easier things to attack and have some significant advantage for the adversary. >> so you are saying we've got more work to do to understand the potential threat and prepare for it. >> we do, and i think we're looking at how we defend the dod
7:18 pm
network, great progress there, with senator collins we just talked about defending the critical infrastructure and support to our allies. i think all of those have to be laid out and discussed and it is growing. >> also what i was saying in with the flow of oil could also be affected in this realm of cyber attacks and we need to be prepared for that in addition to the estimate it could be. i would not put that highest on the list. i think the electricity -- you could see how that all depends on flow and things opening of in the systems if you will. >> so in that part of the world they are vulnerable and also dependent on a far reach of the u.s. or europe or the asian oil markets as well. >> thank you for that. obviously more attention needs
7:19 pm
to be paid to that. let me move to the question dealing with a computer africa exploitation versus computer network attack how do you draw the line between the two and how does the government change the legal authorities funding personnel and infrastructure when moving from cne to cna? >> cne, computerland predicts petition is done under title l which is not done solely but largely under title 50's that would go to the intelligence community and fall under the executive order 12223. while title x is normally where we would conduct the computer network attack. duke also do it under covert action. in times of crisis and war and our operating elements would operate computer network attack and exploit under title ten and would be done in conjunction with title l savitt would have to go. the good part about training of
7:20 pm
the forces together and operating together is to ensure that we the conflict this kind of things and goes back to the defense, the same thing on the defense and that's why i think the good part about putting the defense of read it with the exploit attack is the one team, not the two different teams which is what we had until 2008. >> you sound as if we are well prepared to deal with those differences. >> we are well prepared to deal with those of think there's a lot we have to do and that includes the force and training. that's the most important thing i think we can do right now. i think the partnership with industry is critical. i'm learning of the protected critical infrastructure those are the right things to take. i think all of these are in motion i would just like to go faster. islamic have we conducted, and i mean the united states government, your command and exercises to get at this cna and
7:21 pm
cne handoff and the relationship that you felt like? >> we have a great exercise in las vegas, outside las vegas. we actually never got to loss vegas. it would have been hamdi in las vegas. >> i think with some of the things we learned our what you say, i can't go into all of that. there was a tremendous exercise and the air force credit to a wonderful shot and we've brought in all of our capabilities and components, and some tremendous lessons learned. i think the classified level we can go into those and when you see that he would say okay we are headed in the right direction and i think, senator, we are to be a disconnect and i will see it in a classified setting it submitted the future. >> i think afternoon.
7:22 pm
>> you may want to take part in this for the record how you see the relationship between the nsa and cyber, each holding the changes? >> i think, senator, they are inextricably linked and i would put it as a platform. you do not want any more than we wanted dhs to recreate an nsa. we don't want cyber command, as we need the components of the dod to work closely together and it's got the technical talent, the access, the capability. cyber command of the forces to deploy and the capability to leverage that platform and work with of the intelligence side to further support the combatant command. so i think that relationship is growing and it has been in the right direction. that is one of the things that we've talked about and we both strongly agree is something that we have to maintain. >> thank you. if you want to apply further for the record i would appreciate it. thank you for your service as
7:23 pm
well. >> thank you. >> senator chambliss. >> thanks, mr. sherman and gentlemen for your service. general alexander i think you particularly for your trip down to the fort where you gave a pat on the back and a boost to some of the smartest, hardest working most committed americans who are doing a great job of helping to protect our country and i think you for doing that. at nsa fort gordon. general alexander, cyber, you said at 13,000 employees. let me make sure i get this right in my mind. actually you have 13,000 personnel under your direction to read cyber, itself has maybe about a thousand or so.
7:24 pm
as the medellin drug thousand authorized to this been a also operates and direct the defense of the duty network's but that's correct. so the cyber and the other 12,000 is our army cyber command islamic i wanted to make sure i understood that. v nsa today does a pretty good job of intersecting and protecting the .gov networks. in fact i have heard you say that you have the dod information systems probed as many as 250,000 times per hour over 6 million times a day from criminals commit terrorist organizations, including 100 foreign intelligence organizations. even with that huge magnitude of
7:25 pm
hacking into the system, general, the nsa has done a remarkable job of predicting the system. are you satisfied with where you are in the regard today? >> actually, i'm going to answer this twice and contradict myself. we are making progress and doing a good job on it but we are not where we need to become a senator and there are two reasons i say that. i do think we have the best defense right there but they could be better for the future for the military command to control it must be better so i think the modernization the defense department is looking at is the key part to even make it better. >> the legislation that we're talking about with it is the administration or the lieberman kyl wins one in the same or the alternative legislation, neither one of those address that issue. this is where what you are doing, protecting .gov, right? >> that is correct in her part.
7:26 pm
if i could say the slight difference is the information sharing of those things we do to protect our networks that go beyond what he would normally do for the civilian networks are things that should be included in the information sharing parts of both. >> i'm going to get the information sharing in just a minute. now, going one step further, nsa also monitors the industrial base one come and there's been numerous attempts and it may be within those numbers that i've heard you use before heading into the defense industrial base have happened, and nsa does a good job of protecting those scenarios where that has happened, you're notified and able to respond to it. am i correct? >> not quite. there's a little innuendo here that i think is extremely
7:27 pm
important. the internet service providers operate that. we provide them signatures as to the other industry players and the internet service providers to actually do the work. the reason that is important is i believe that is how we can scale protecting other critical infrastructure into the mechanisms the homeland security and others are working with, so the key part of what we bring to the table and fbi and others will bring our the specific things we see going on in the network that may be sensitive for classified so we bring that but they operate. the part we are able to work with is to understand that they will protect and safeguard classified information. that's a key element in this approach. >> my point being that your relationship with the internet providers today allows that defense industrial base to have that protection.
7:28 pm
>> that's correct and now it's been taken over by the dhs so they are the lead interface. now they've been doing that for six weeks. we are at that table and provide technical support but they are the lead on that as well. >> looking at another what i would say you probably consider critical infrastructure or the electric grids. if the electric grid is packed into today, there is a mechanism in place that was developed by ev industry where if they see something unusual and then they notify nerc and they go to moonves sert and notify on the department of homeland security and they are able to provide protection to the good under the voluntary standards that the industry but for word am i correct? >> yes but i think, senator, that is slightly different because in those notifications you, out of real time to now a
7:29 pm
part where actually we are in the forensics mode so they are telling you something has occurred and by the time it gets to u.s. sert what they could do is not present it but not only help them understand it. i think the information sharing part of what you and others have proposed would take that to a more real time capability or at least allow that where they could see i see this happening until the industry could tell the government that is occurring so that you could take it from the forensic side to the prevention side which is hugely important for the protection of the country. >> coming back to what you just alluded to it stated earlier in the that is on information sharing this is the key as the understand it from the standpoint of being able to have provide blanket protection to every segment of the economy or every industry that once the protection of their that needs the protection if the of the
7:30 pm
capability of sharing proprietary information with both of the government as well as she and other industries and isn't that the crux of of what it's into who take to protect all of the industrial base from a cyberattack in the short run as well as a long run? >> not actually. from my perspective, senator, the issue in this part applies in the two great capabilities. the one that we provide i believe they want that. they want to know what are the orange state and the sensitive things. the industry also brings together mcafee, semantic, lockheed martin and all things in this area and also brings a wealth of knowledge and how to configure and operate on that works for a certain standard. it's our assumption going into those the networks like the dod networks would be operating to the standard. if they are not operated in the
7:31 pm
standard, then what happens is you have other ways of getting into the network that we possibly are not looking at. we assume the doors will be locked. if the doors are not locked, then somebody would get an order if the window was opened. what we would be doing is looking for other types of nation states and assume what i will call list of the anti-virus community generally sees and is working on today is taking care of. what that means is as you put all of that on the table that is one thing we get to work together to share information. i agree on that part and i think we have to have a set of standards, and i think that is where working with the industry just as you said how you get to that standard and how do you have the industry players work with of the government and see what is the right way to approach it. as you may know, we had a meeting a few years ago with a number of the electric companies who asked that question how we do this and who is going to tell us how we work it and if it is the approach we have to take, to help them get their in their
7:32 pm
rates of burdensome but helpful. spinnaker think that part of both of the pieces of legislation is about the same with respect to getting voluntary participation versus mandatory visible but different but getting the industry to set the standards is the key in getting the industry to share the information both pieces of legislation have that is critical part of. i didn't vote for the start treaty. one reason i didn't is because i was apprehensive about the administration not being able to devotee said they would do on modernization. thank you for your specific comment on that nothing short concerned about and that is a critical aspect of this that we look forward to working with you as we go forward it's got to be
7:33 pm
done thank you. >> thank you, senator chambliss. senator sessions. >> thank you, senator chambliss for that comment. general, it's great to be with you yesterday and talk about some of the issues you just mentioned because your understanding that senator kyl has on senator chambliss about the s.t.a.r.t. and what kind of funding would be laid out for the next decade that could modernize has not been funded and the number as senator kyl was deeply disappointed about that. 35 trouble today about this overheard conversation between the president and mr. medvedev where president obama said of
7:34 pm
all these things overheard a conversation but particularly missile defense this can be solved but it's important for him to give me space and medvedev said understand your message about space for youth. this is mike election and after i will have more flexibility. i understand and i will transmit this information to vladimir. this is not a little matter and i will tell you why it's not a little matter. we had a long debate over the missile defense and the reston's never favored missile defense. president bush was preparing to place a system in poland out of the blue and was canceled. they were deeply shocked and disappointed and so were the checks. we were promised don't worry about that we will have another system, one in effect on i felt
7:35 pm
they were trying to change the course of things and the smi three block we were going to have that, something that wasn't even on the drawing board but we were about to implant in poland a system that was proven in that we would all place in the united states. what i would say to me, the president makes its assurances and we are going to implant a new system and will protect america to cancel that one but we are going to build this new one. but the russian subject to no one would object steadfastly for no good reason i can see of the event of the domestic russian politics or use leverage against the united states. so now it looks like the president is saying we are going to take care of those concerns, too. we are not going to build the new system, not going to place it there and after the election
7:36 pm
they will take care of it. but that's not what he told the american people. but he told the congress he told a congress we were going to build the system. so i'm worried about it. i know what the significance of this conversation and it concerns me, and i'm also concerned the policy of the defense department of the united states when it comes to the nuclear weapons that you control, general, is that we are moving to a world without nuclear weapons. the complete elimination of them and the defense posture nuclear review, the defense department's defense nuclear posture review has 30 preferences to a world without nuclear weapons. this is directly driven by the policy of the president. he's the commander-in-chief. that is what he wanted and that is what the defense department put in their so that's one reason that congress insisted
7:37 pm
that we budget sufficient money to modernize the aging nuclear weapons that we have and we insisted on that and became a part of the new s.t.a.r.t. debate and the president submitted a letter to us and promised. but it's not occurring. the money isn't there. so we are in a time of great danger as i see it. it is under great stress. we are looking to save money wherever we can save money and it appears to me that the administration does not have the kind of rigorous intellectual support for missile defense or nuclear weapons necessary to ensure that we keep these programs on track tell me about
7:38 pm
the nuclear weapons but we have for the submarines when aircraft and so forth and you explain to me several of them being delayed under the budget plans that you have. would you tell us the budget has caused. the deployed forces after i am confident is safe, secure and effective and they are the watchwords we tend to use so today we believe that the trend force is objective and safe, secure and effective. however we have weapons that are beginning to reach the end of
7:39 pm
life with a submarine weapon is not classified information that the w. 76th submarine weapons the life extension program is under way as we sit here today, very encouraged by that and the program seems to be moving forward successfully. with the budget suggestion did is slowed the delivery of those weapons. i believe why all of these budget reductions i think in a perfect world we would say we really wish we didn't have to deal with budget but they are there and the nuclear force was not immune. so i believe that we can manage that delay in the w. 76 because it's towards the end of the program that we can manage this that's manageable the aircraft delivered weapons are also reaching a critical point in terms of their age and he guinea
7:40 pm
to go through life extension and begin that life extension effort although it will give us the first unit of what we call the first production unit most likely in 2019 instead of 2017 which is what the 1251 report had suggested and that is manageable risk as well. when you push things out coming into our assuming that congress will act predictably the future but i would just say that the more things that are pushed out and they are not done when you plan to do them, the greater the danger is is that somehow they won't happen in the operational risk i believe we can manage operational risk on both of those. we are looking at the remaining submarine to see whether or not we can get commonality out of
7:41 pm
those as we look to a future life extension program and we believe there's different possibilities we would like to study that and see so in terms of the weapons for the fiscal budget 12 that we appropriate last year for the fiscal 13 budget that's lean on the table i believe we can go forward with with manageable operational risk what happens beyond 13 and that is for the secretaries of energy and defense have said that we do not have the complete plan in place for what happens beyond 13 and when we look to the infrastructure and industrial complex, as i mentioned earlier to another question is a very unique highly specialized industrial complex, the plan to upgrade the a uranium processing facilities remains in place, the
7:42 pm
plan and to upgrade would be called c m rr or the chemical and metallurgical building to process plutonium is not in place that has been split fairly far to the right, five to seven years depending on which of the documents you look at. i'm concerned about that. i am concerned about our ability to provide for the deployed stockpile and that is my number-one concern here, so i have some concerns we owe you some answers. the departments are working together we are participating in that review and the customer if you will for all of this at the deterrence end of the street. until anyone presents a plan that we can look at and be comfortable with and understand that it is being supported so i am not saying there isn't a way forward. i am hopeful that there is we
7:43 pm
just do not having yet and until we do, as the customer i will remain concerned until we go a little further down the road. >> thank you. you are the customer, you are the person for whom these weapons are delivered, and you need to share with us, and i believe you have honestly both of a good and that needs, and i believe it is at the congress to make sure that i have all the money -- of all the money we spend on the national defence, we make sure that we have sufficient funds to maintain a credible nuclear stockpile. so thank you, mr. chairman. >> thank you. >> senator shaheen. >> thank you for being here this morning for your service and hopefully i won't keep you much past lunch. i wanted to start if i could talking about new s.t.a.r.t. treaty implementation.
7:44 pm
as you know the treaty was an extremely difficult and contentious debate here in the senate and your predecessor as well as seven of the last eight commanders blister support for the treaty which i think was very helpful in getting it done. what can you tell us a little bit about how the implementation of the treaty is progressing? >> senator, i can. there are a number of segments and implementation of the s.t.a.r.t. treaty that have to move forward together. the second is we need to eliminate the launchers that count against the overall treaty limits and have not been in use for very long time. we call them phantom simply because they count on the books but they've been deactivated a very long time ago. some member of the bombers that are in the bone yard and need to
7:45 pm
be dismantled. there are 100 icbm silos that have been empty for a number of years that we don't have any plans to go back to that need to be eliminated as well, not converted from the nuclear to non-nuclear but completely eliminated. those process these are under way. they are turning and are about to finish the environmental impact studies that go along with eliminating the silo so i'm comfortable with those pieces are moving forward correctly read the second thing is we have to get ourselves down to the central limits of the treaty and that is 1,550 deployed warheads, 700 deployed launchers and to 800 deployed and non-deployed. that requires us to select a structure mixture, and we have gone through the current chiefs with proposals and we believe
7:46 pm
that we are settling on a final proposal that the chairman and i can take to the security fence. in the meantime we have become the configuration activities. we are moving all of the icbm. the work has begun and it is going to continue and we are reconfiguring of the members of the warheads on the submarines so that we can get our warheads down to the surgeon limits, so all of these are under way, senator. i will tell you that we know there is a clock running and we have to be the central limits no later than the fifth of february, 2018 and the goal that we have set is in a year in advance of that so that we have time. the field is reconfiguring those and we know we will have to make some adjustments in the icbm force and the ssb submarine force. there is long lead time on that. they are sensitive to weather so we have to leave ourselves some
7:47 pm
slack. we need to make some final decisions and i believe we are pleased to make those. estimate your comfortable that on the central limits we will meet the deadlines? >> yes, i am comfortable we are going to do that. >> and the russians are also meeting their requirements under the treaty as far as we know? >> thank you. >> i want to switch to the refueling tankers because the general taylor, as i know you've commented one of the important support elements of a long-range bomber is obviously refueling capability. we have seen that we're we have the 157th refueling mission and we have a chance to ride along on some of those planes so i appreciate the skill and the
7:48 pm
importance of having that component. can you talk of how critical it is for the air force to modernize that capability and how important it is that we have the new 46 tanker for those long-range bomber operations? >> senator, the word that we use is global. that has been used for street, since it was sac so whitey we appreciate the value of what makes us a global command. in large part what makes us a global command is the ability to protect power. in large part, our ability is based upon the tankers. it is in the only thing that allows us to project power and by the way i think the degette vintage the entire united states military has is the ability to
7:49 pm
project power which is why antiaccess area denial counter strategies are so concerning. and that mixture, i think there's probably -- when i look at my friends in the air mobility command and our colleagues in the u.s. transportation command, i think there's probably no more valuable military assets that we have them our long-range aircraft that can move to give us strategic mobility and the tankers that make it so so when i look at important things for us in modern tanker fleet is irreplaceable and is crucial for our success to think the ability to project power relies on that as well and relies on space and cyberspace for us to project power so all of these pieces go together and any more it is
7:50 pm
almost impossible to say that one platform only exists in the air and they are connected by his labor and relayed by space and their global in nature and being able to move all lot of fuel to power the protection forces as critically important. >> i know it goes without saying the equipment that is required for all of that and the skills of the human talent that is required to do that is also critical. >> the most critical part. >> thank you. >> given that, one of the things i've worked on in my civilian life before i can to the senate is the importance of education, and obviously one of the things we are struggling with both in the private sector now and in the public sector and i think it is particularly true in the defense arena is making sure
7:51 pm
that we have the trained engineers, scientists, mathematicians, technicians that it's going to take for all these jobs in the future. could i ask if maybe both of you might comment on what your commitment is to making sure we have the trained people we are going to need for the future and whether there are any particular efforts that you see the military is involved in to help make that happen? >> senator, again, having people who are stem people who have that some of skills is irreplaceable for us. anything that we can do to support the development of our young people in that regard we need to do. i would say it this way. in all of our combat commands
7:52 pm
you can look and see who the warriors are. typically there is someone with a set of skills that you would recognize on television. they carry a rifle and fly the airplane, etc.. instead, come and general alexander can speak to this fiber command, but across whether it is space or any of the other things we do, the engineers and scientists often are people with that kind of background those of our our warriors so it is even more magnified the value of people with that kind of background than it may be in other places. >> senator, i would just add nsa has a program of over 100 plus universities and cyber related stuff we do that in conjunction with the department of homeland security, and now we bring cyber command in to that so that offers us and tulsa university is one that we work with and there were others as you know. but i think the issue with
7:53 pm
science technology and mouth, the stem program is critical for the country and we, the military cannot do this. it's going to teach you and congress to generate that. we need more scientists and an fourth grade and it's the things that we absolutely have got to push. i have 14 grandchildren all should be engineers and scientists. maybe one could be a lawyer, but the rest. i'm leaving us a little room here. >> i'd go for a doctorate myself. well, thank you. i think as you pointed out, this is an area where the military and the civilian sector need to work more closely than we have in the past and as we look at what we need to do in our education system i think it is important point out that this is a national security issue as well. so thank you all very much. >> thank you, senator shaheen. i agree about the efforts in the
7:54 pm
skills but also agreed to spend time a lawyer and married to a lawyer on your comments of engineers. we need a heck of a lot more than and i won't comment i want be negative on whether we need more. i will just be positive about needing more engineers. both of you, we are very grateful for your comments. the only thing i think i would add, probably general alexander, is that you make repeated reference to what we need to do in the area of cyber in terms of working with industry and i obviously agree in terms of meeting performance standards they are going to work to try to come up with performance standards. i think it's important however to emphasize that even though they will be adopted, that they are going to have to be followed
7:55 pm
and they can decide how to meet those standards, but there will be standards. and i don't think that you should shy away from that. we are talking about the national security, and this is not a question of pro-business and antibusiness. this is a question of being the security of the united states we are talking about, we want to work with business but we can't just allow business here to to put the security of the country is by saying that they oppose standards and instead we would hope that they would work with us on those standards and understand there's plenty of flexibility how to meet the standards but not whether to meet those standards. are you with me so far? >> im, senator. i agree. >> another piece, and that is the information sharing. as you pointed out, you want them to get to the point they
7:56 pm
can tell us about an attack and the bills make it easy for them to tell us because i guess we are addressing some of the issues about the proprietary information for instance, so they will be protected on that. but i think it is also clear as your answers to senator collins made it clear that whether or not they share, and we are talking here about the major infrastructure in this country, whether or not they share information with us is not the question of whether they agree to it or not. at some point of major infrastructure there's going to be a requirement that they share information relative to a tax with proprietary information that they have to help protect the country but they should be
7:57 pm
and i believe will be requirements that they share information of the attacks on that major infrastructure but i would urge you not be reluctant about talking about their obligation not only that they will not to the point they will share but there's a responsibility that needs to be placed upon them talking here about major infrastructure and the responsibility that will be placed upon them to share that information of major tax with us. would you agree? >> i do. >> do you have anything further? we thank you both and we will stand adjourned.
7:58 pm
>> i saw you in the corner of my eye and thought you were a mother said her >> if you think of yourself as a family and as the team commands she said when i get a raise at work is proud of me and it's like we got a raise, our family got a raise but i felt as though she had redefined providing to include what her husband does and that she had a lot of respect for what her husband was
7:59 pm
doing. >> on the changing world of women as the breadwinners of the family and how that impacts their lives. also america the beautiful, the director of pediatric neurosurgeon this past weekend joan collected photographs and was particularly interested in the 19th century, the civil war in particular. these are the two friends, union and confederate, who kne

31 Views

info Stream Only

Uploaded by TV Archive on